Google patches ‘loophole’ in two-factor verification system

An interesting article in the NBC News technology security section: A security firm found it could bypass Google’s two-step login verification process, reset a user’s master password and gain full control of the account “simply by capturing a user’s application-specific password.”

Application-specific passwords are passwords generated by Google that you can opt to use instead of your master password. They are long and awkward, and the whole point of them is that they aren’t really something you’d ever remember or even store anywhere. The trouble was, users were led to think they could only be used once, but Duo Security said, in a report, that they could in fact be used anywhere — and without a second point of authentication. The trick for the hacker was to obtain the application-specific password, and that’s really hard.

 
